Processing Classified Information
on Portable Computers in the Department of Justice

Audit Report 05-32
July 2005
Office of the Inspector General

Appendix I

Objectives, Scope, and Methodology

Our audit objectives were to: (1) review the Departmentís policies and practices concerning the storage of classified information on portable computers, and (2) determine whether more effective practices could be adopted by the Department to enhance the ability to process classified information on portable computers while adequately safeguarding the information.

Our audit was performed in accordance with the Government Auditing Standards issued by the Comptroller General of the United States and included such tests as necessary using the performance auditing standards to accomplish the audit objectives stated above.

During our initial discussions with the Departmentís Deputy Chief Information Officer and the Assistant Director of the Security and Emergency Planning Staff, they identified DOJ components that process classified information using portable computers. Based on their recommendations of components that process classified information, we selected the Drug Enforcement Administration, the Federal Bureau of Investigation, and the Executive Office for United States Attorneys to discuss the use of portable computers for processing classified information.

We extended our interviews beyond the DOJ in order to determine how other federal agencies address the storing and processing of classified information using portable computers. Based on meetings with staff from SEPS and the Chief Information Officerís office, we interviewed IT and security personnel from the National Security Agency, the Central Intelligence Agency, and the Department of Energy. While conducting our interviews with staff at the Central Intelligence Agency, they recommended we also contact the National Reconnaissance Office within the Department of Defense.